SimonTech DevelopmentSimonTech DevelopmentSimonTech

Development

  • +18585983494
  • [email protected]

SimonTech DevelopmentSimonTech DevelopmentSimonTech

Development

  • Extensions
  • Contact
    • Resume
    • Portfolio
    • Clients
  • Support
    • Support Ticket
    • SaaS
    • Support Contracts
    • Knowledge Base
  • Login
    • Forgot Login?

Request Quote

Knowledge Base

Servers
CentOS

CentOS 7.5 + SELinux web folder writable by php/apache?

Fixing the original problem

So we want to serve our files at /var/www/html and enable writing to log files and file uploads as well? Let’s play nice with SELinux.

First, copy the files as usual to /var/www/html, then set the proper ownership and permissions.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Ownership
sudo chown apache:apache -R /var/www/html
cd /var/www/html
 
# File permissions, recursive
find . -type f -exec chmod 0644 {} \;
 
# Dir permissions, recursive
find . -type d -exec chmod 0755 {} \;
 
# SELinux serve files off Apache, resursive
sudo chcon -t httpd_sys_content_t /var/www/html -R
 
# Allow write only to specific dirs
sudo chcon -t httpd_sys_rw_content_t /var/www/html/logs -R
sudo chcon -t httpd_sys_rw_content_t /var/www/html/uploads -R

httpd_sys_content_t – for allowing Apache to serve these contents and httpd_sys_rw_content_t – for allowing Apache to write to those path.

You may use the 'sestatus' command to view the current SELinux status:

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

The 'setenforce' command may be used to switch between Enforcing and Permissive modes on the fly but note that these changes do not persist through a system reboot.

To make changes persistent through a system reboot, edit the 'SELINUX=' line in  /etc/selinux/config  for either 'enforcing', 'permissive', or 'disabled'. For example: 'SELINUX=permissive'

© 2008 - 2020 SimonTech Development
  • Extensions
  • Contact
    • Resume
    • Portfolio
    • Clients
  • Support
    • Support Ticket
    • SaaS
    • Support Contracts
    • Knowledge Base
  • Login